Description
In order for the browser to go fullscreen (currently Android only), access the mic (also Android only), use the camera for real time input (Android only), and even read the gyroscope, pages are required to be served as HTTPS.
Unfortunately that's rather complicated. To use HTTPS requires Certificates. Certificates require domain names.
Lots of people have suggested solutions but they all seem to fail in some way.
A solution needs to have zero user interaction IMO. Run the game, it just works. No login, no registration, no configuration.
The solution I think would work is to run a free DNS server for happyfuntimes and get it listed on the Public Suffix List (or talk to letsencrypt for a special exemption).
The free DNS server would have an API that lets games generate a DNS server like this:
<sha256ofgamename+internalip+externalip>.dyndns.happyfuntimes.net
That domain would point to the internal IP address of the game and the DNS server would have an API to support validating letsencrypt using TXT records.
The game (happyfuntimes library) would then have to contact happyfuntimes.net, ask for a domain name, it could then use that name to get a cert from letsencrypt. It would store that locally and if it's close to expiring try to get a new cert.
Some issues
- Do I need to have API keys?
This would only be a pain point for devs not users. Basically like many other services the dev has to register their game and get an API key used to talk to happyfuntimes.net. This allows knowing who owns what and or ban abusers?
- Can I get on the Public Suffix List
Last time I asked I was told the fact that I was just trying to get more certs was bad. I'm not trying to get more certs though. I'm trying to let users get certs. Maybe they'd let me on. My only thinking there was if I separate the "get a domain" into a separate non-happyfuntimes service then it's more generic and more likely to be approved. Also useful for other projects.
- Does the domain name matter?
I chose sha256-internalip-externalip-gamename because it means the game knows what domain it will use without having to ask. But, since it has to at least contact happyfuntimes.net in some way maybe happyfuntimes.net should just make some random number and return the domain name in the result.
Similarly originally I was going to try to do something like externalip-internalip-gamename (no sha256). The idea being that since the IP addresses are in the name the dynamic DNS server doesn't have to store any data to resolve DNS. It just looks at the name and returns the number in the name. I forgot why I moved away from that idea. I'd base32 the addresses which for IPv6 is 26 characters per address so internal + external is 52 leaving just 11 for some kind of id (since 2 or more games running on the same machine need their own certs).
Or maybe they don't need their own certs? I don't like the idea of games sharing data. Especially if the dynamic dns portion was unrelated to happyfuntimes and could be used for anything that needed an instant domain and a cert then it seems like the certs should not be shared.
I think the reason random names or whatever came up is the DNS server has to store the DNS-01 challenge stuff for each domain anyway. Since it has to store anything it might as well store more like the generated domain name.
Anyway, other ideas welcome - though please explain how it will require zero end-user interaction to both the person running the game and the people playing the game.
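
The two naming schemes discussed in the description, sketched in Python as an added example (not happyfuntimes code and not part of the original post). The function names, the "+" join of the hash input, and storing IPv4 as IPv4-mapped IPv6 to keep a fixed width are assumptions; it also shows that a hex sha256 (64 characters) does not fit in a 63-octet DNS label, while base32 does.

```python
import base64
import hashlib
import ipaddress

MAX_LABEL = 63   # a single DNS label is at most 63 octets (RFC 1035)
ADDR_CHARS = 26  # unpadded base32 length of one 16-byte address


def _b32(data: bytes) -> str:
    # Lowercase and unpadded: DNS names are case-insensitive, "=" is not allowed.
    return base64.b32encode(data).decode("ascii").rstrip("=").lower()


def _addr16(ip: str) -> bytes:
    # Assumption: IPv4 is stored as IPv4-mapped IPv6 so every address is 16 bytes.
    addr = ipaddress.ip_address(ip)
    if addr.version == 4:
        addr = ipaddress.IPv6Address("::ffff:" + str(addr))
    return addr.packed


def hashed_label(game: str, internal: str, external: str) -> str:
    # sha256 scheme. The hex digest is 64 chars, one over MAX_LABEL,
    # so the digest is base32-encoded instead (52 chars).
    data = "+".join((game, internal, external)).encode("utf-8")
    return _b32(hashlib.sha256(data).digest())


def stateless_label(game_id: str, internal: str, external: str) -> str:
    # No-sha256 scheme: external + internal address, then the per-game id.
    if not (game_id.isascii() and game_id.isalnum()):
        raise ValueError("game id must be ASCII letters and digits")
    label = _b32(_addr16(external)) + _b32(_addr16(internal)) + game_id.lower()
    if len(label) > MAX_LABEL:
        raise ValueError("id longer than 11 chars does not fit in one label")
    return label


def resolve_stateless(label: str) -> str:
    # What the DNS server would do: read the internal IP straight from the name.
    if not 2 * ADDR_CHARS <= len(label) <= MAX_LABEL:
        raise ValueError("not a stateless label")
    chunk = label[ADDR_CHARS:2 * ADDR_CHARS].upper() + "=" * 6
    addr = ipaddress.IPv6Address(base64.b32decode(chunk))
    return str(addr.ipv4_mapped or addr)
```

Because anyone can build a valid stateless label for any address, such a server resolves names it never issued; the stored-name variant does not have that property.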